home

cf3.exe

Loader

RLHackers

The executable cf3.exe, “Dyonanthan Loader” has been detected as malware by 4 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from engenhariatm.com.
Publisher:
RLHackers

Product:
Loader

Description:
Dyonanthan Loader

Version:
2.0.0.0

MD5:
96b194f4c82d0a9dea44a7d7f1486ccf

SHA-1:
1b9151cdbcbde749c0cfb3f89080f316f393fc5a

SHA-256:
05366b0d17ff6831cdeb7e86c58563142df222ed2d93777e16eaef86a76b8a98

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/16/2024 12:27:49 AM UTC  (today)

Scan engine
Detection
Engine version

Emsisoft Anti-Malware
Gen:Variant.MSILPerseus.8820
10.0.0.5366

F-Secure
Variant.MSILPerseus.8820
5.15.21

Kaspersky
Trojan.MSIL.Inject
15.0.0.562

Norman
Gen:Variant.MSILPerseus.8820
11.01.2016 17:30:26

File size:
1.2 MB (1,228,800 bytes)

Product version:
2.0.0.0

Copyright:
Copyright © 2015

Original file name:
Dyonanthan Loader.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\cf3.exe

File PE Metadata
Compilation timestamp:
1/21/2016 12:14:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:9EpdzgL5fIC4ZgG6S6afxxhKC2DcykJzIQpnisZJOz1ViGipBka9Ra6:9ELzgL5fIHZgGCazhKC2Ayk1IQpnisZ4

Entry address:
0xD21FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
833 KB (852,992 bytes)

The file cf3.exe has been seen being distributed by the following URL.

http://engenhariatm.com/loader/.../cf3.exe

Remove cf3.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.